Tools

Googling Security: Mapping, Directions, and Imagery

By Greg Conti, October 03, 2008

Tracking Your Movements via Mashups

At the time of this writing, there are 50,000 Google mashups. Mashups are a powerful innovation that enables users to plot virtually any sort of information with a geographic component on top of Google Maps. As one blogger elegantly put it,"Now information on the web does not need to bind to just what and how. Your piece of information can also represent where." Google Maps mashups have exploded in popularity and have been used for everything from locating street light cameras and inexpensive gas to identifying where UFOs have been sited (see Figure 6). However, mashups combine the general sensitivity of using mapping services with two other important disclosures. The first is your interest in a given subject, such as evading red light cameras. Second, mashups identify your visit to a given web site. Typically, an online company knows if you visit only one of its web sites. By embedding a map inside a third-party web page, Google can track your activity as you hop around such sites.

[Click image to view at full size]

Figure 6: By embedding content in third-party web sites, such as in this Google mashup of UFO sightings, Google can track your activity as you move about the web.

Content Is a Threat, Too

High-resolution satellite imagery was once the sole domain of intelligence agencies, but now high-quality imagery is available for free (think of the tools provided by Google, AOL, and Yahoo!).We've just looked at how our interactions with these services disclose sensitive information, but it is important to consider the content of these services, even if you never use them yourself. This class of threat is somewhat different, in that the content itself might be sensitive to those in the images, both from overhead and at street-level views. The advent of high-resolution overhead imagery being placed in the hands of the masses has dramatically changed the idea of physical security. Historically, national borders, fences, guards, and other safeguards have limited access to sensitive locations. Only nation-states had the capability to examine these locations, using, among other things, the relatively risk-free access provided by satellites and highaltitude aircraft, such as the U2. You couldn't merely hop onto Google Maps and zoom in for a detailed look. This level of easy access has changed the idea of security and privacy. John Young's Eyeballing Series at Cryptome.org and Eyeballseries. org demonstrates the power these tools give us. Young combines high-resolution satellite images with other publicly available information to create powerful analyses of such things as the residence of the Vice President of the United States, India's Bhabha Atomic Research Center, and the National Security Agency. Similarly, Alex and James Turnbull's Google Sightseeing site (www.googlesightseeing.com) highlights areas of interest found in Google imagery data. They have categorized images from around the Earth, including aircraft, bridges, buildings, movie locations, spacecraft, and even naked people.

Whereas Google Sightseeing depends on tips from Google sightseers around the world to find interesting spots,Wikimapia takes a different approach.Wikimapia allows web users to directly annotate Google imagery. These annotations, some 4.5 million, are then visible to the world. The concept is simple, cool, and useful, but the security risks are profound. Any user can annotate the maps, based on inside information, that would otherwise be impossible to detect via imagery alone. Figure 7 illustrates one such example. As you examine the figure, it is very unlikely that you could identify the structures at the center of the two large circles.Well, one Wikimapia kindly labeled these as "Jump Towers."With a little research, you will find that these towers are used to train paratroopers at the U.S. Army's Airborne School. The important lesson here is that it takes only one knucklehead to disclose something you or your company would have preferred to keep secret; with Wikimapia, or a similar tool, they can share it with the world.

[Click image to view at full size]

Figure 7: Web sites such as Wikimapia.com allow users to collaboratively analyze and annotate satellite imagery, such as this paratrooper training facility.

Today imagery is gathered via satellites, manned aircraft, unmanned aircraft, and even cars instrumented with cameras (see the section "Street-Level View"). In the future, we will see imagery gathered from virtually any platform you can imagine, and you can expect the resolution of the images to increase significantly as sensor technology improves. It seems as if we are living in an ever-increasing surveillance grid.Virtually every modern cell phone has a built-in camera, and many phones also have embedded GPS. The combination of the two has led to the rise of geotagging, which is the embedding of geographic information in various forms of media. Sites such as flickr.com now allow easy publishing of geotagged images. (See Figure 8.) We also are seeing a significant increase in the number of government and commercially run surveillance cameras, such as the British traffic wardens who were issued head-mounted video cameras and the plans for creating a security veil of license plate readers and more than 3,000 public and private video cameras covering downtown New York City.

[Click image to view at full size]

Figure 8: In the future,we will see the rise of geotagged media, such as seen on Flickr. This image
depicts two sets of geotagged images of a well-known security researcher.

Dr. Dobb's encourages readers to engage in spirited, healthy debate, including taking us to task.
However, Dr. Dobb's moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing or spam. Dr. Dobb's further reserves the right to disable the profile of any commenter participating in said activities.

Video

This month's Dr. Dobb's Journal

This month,
Dr. Dobb's Journal is devoted to mobile programming. We introduce you to Apple's new Swift programming language, discuss the perils of being the third-most-popular mobile platform, revisit SQLite on Android
, and much more!